Remove sha256 from the source's digest #11655

Merged

@robaiken robaiken commented Feb 21, 2025

What are you trying to accomplish?

Fixing how Dependabot handles Docker image digest updates in Docker Compose by:

  1. Modifying the regex pattern to properly parse sha256: prefixed digests
  2. Storing only the digest hash (without sha256: prefix) in the dependency's source hash
  3. Reusing Dependabot's existing Docker version updater logic for Docker Compose updates
  4. Updated the digest parser in the Tag class to use the FileParser constant

Thanks to @gegoune #390 (comment) and @DigitallyRefined #390 (comment) for raising this issue

Anything you want to highlight for special attention from reviewers?

Removed custom update_digest_and_tag implementation to reuse the base Docker version updater

How will you know you've accomplished your goal?

The changes will be verified when:

  1. Digest updates preserve the sha256: prefix in the final output
  2. Version updates work correctly using Dependabot's Docker version updater
  3. PR titles and descriptions show proper version information

Checklist

  • I have run the complete test suite to ensure all tests and linters pass.
  • I have thoroughly tested my code changes to ensure they work as expected, including adding additional tests for new functionality.
  • I have written clear and descriptive commit messages.
  • I have provided a detailed description of the changes in the pull request, including the problem it addresses, how it fixes the problem, and any relevant details about the implementation.
  • I have ensured that the code is well-documented and easy to understand.

@robaiken robaiken requested a review from a team as a code owner February 21, 2025 12:51
@github-actions github-actions bot added the L: docker:compose Docker Compose label Feb 21, 2025
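
The parse, store and render steps listed in the description above, as an added Ruby example that is not Dependabot's own code. `ParsedImage`, `parse_image`, `render_image` and `update_compose_line` are hypothetical names, the digests are constructed, and the compose line is assumed to carry an unquoted `image:` value.

```ruby
# Added illustration; every name here is hypothetical, not Dependabot's API.
SHA256_HEX = /\A[0-9a-f]{64}\z/
ParsedImage = Struct.new(:name, :tag, :digest)

# Split "name[:tag][@sha256:<hex>]"; the digest is kept WITHOUT its prefix.
def parse_image(ref)
  rest, at, digest_part = ref.strip.partition("@")
  digest = nil
  unless at.empty?
    algo, _, hex = digest_part.partition(":")
    unless algo == "sha256" && SHA256_HEX.match?(hex)
      raise ArgumentError, "unsupported digest: #{digest_part.inspect}"
    end
    digest = hex
  end
  # Only a colon after the last "/" starts a tag; an earlier one is a registry port.
  colon = rest.index(":", (rest.rindex("/") || -1) + 1)
  name = colon ? rest[0...colon] : rest
  tag = colon ? rest[(colon + 1)..] : nil
  ParsedImage.new(name, tag, digest)
end

# Re-attach the "sha256:" prefix exactly once when writing the reference out.
def render_image(img)
  out = img.name.dup
  out << ":#{img.tag}" if img.tag
  if img.digest
    raise ArgumentError, "malformed digest" unless SHA256_HEX.match?(img.digest)
    out << "@sha256:#{img.digest}"
  end
  out
end

# Update one unquoted `image:` line; the new digest may come with or without prefix.
def update_compose_line(line, new_tag:, new_digest:)
  line.sub(/^(\s*image:\s*)(\S+)/) do
    prefix = Regexp.last_match(1)
    img = parse_image(Regexp.last_match(2))
    img.tag = new_tag if img.tag
    img.digest = new_digest.delete_prefix("sha256:") if img.digest
    prefix + render_image(img)
  end
end

if __FILE__ == $PROGRAM_NAME
  old_hex = "ab" * 32 # constructed digests, not real image hashes
  new_hex = "cd" * 32
  puts update_compose_line("    image: nginx:1.27.3@sha256:#{old_hex}", new_tag: "1.27.4", new_digest: "sha256:#{new_hex}")
end
```

Because the stored value is the bare hex string, passing the new digest with or without `sha256:` yields the same rendered pin, and a truncated or non-sha256 digest is rejected instead of being written into the file.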

gegoune commented Feb 21, 2025

Thank you! Does it also mean that the human-readable versions after the hash character will be updated as well?

@markhallen markhallen left a comment

Claud LGTM

@robaiken (Contributor Author)

@gegoune When this gets deployed, Dependabot should shorten the hash to six chars, but I will not know until the rubber hits the road

@robaiken robaiken merged commit 8cc7554 into main Feb 21, 2025
58 checks passed
@robaiken robaiken deleted the robaiken/fixing-sha-and-tagged-images-for-docker-compose branch February 21, 2025 13:19
dmitris pushed a commit to dmitris/dependabot-core that referenced this pull request Feb 26, 2025